Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2004-0385
Last Modified 05 Sep 2008 04:38:17
Published 01 Jun 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0385

Summary

Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."

Vulnerable Systems

Application

  • Oracle Application Server Web Cache 9.0.0.4.0

  • Oracle Application Server Web Cache 9.0.2.3.0

  • Oracle Application Server Web Cache 9.0.3.1.0

  • Oracle Application Server Web Cache 9.0.4.0.0

  • Oracle E-business Suite 11i


References

CERT-VN - VU#413006

CONFIRM - http://otn.oracle.com/deploy/security/pdf/2004alert66.pdf

XF - oracle-web-cache-vulnerabilities(15463)

BID - 9868

MISC - http://www.inaccessnetworks.com/ian/services/secadv01.txt

BUGTRAQ - 20040316 new security alert #66 issued in Oracle web cache

VULNWATCH - 20040408 Heap Overflow in Oracle 9iAS / 10g Application Server Web Cache

OSVDB - 4249

SECUNIA - 11118


Last Updated: 27 May 2016 10:38:35